General
-
Target
79e9c21c5f5b430e248a3ddd739a76b97874a9057418f83416edc303e4275979
-
Size
388KB
-
Sample
220521-c62erafba4
-
MD5
3a5ba8eacb16363741977877de624c53
-
SHA1
3dc9a521321c64cc68a52e878a03d67ebd1ebe0a
-
SHA256
79e9c21c5f5b430e248a3ddd739a76b97874a9057418f83416edc303e4275979
-
SHA512
df603d9fb8af260973fe2c7959b7071d66a3562f8015dff338ebcc57f567f3c2cc2ab8c205acbbd714d8e39a558743532b4ce0cfae2284f761b1d20307c3c681
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.pptoursperu.com - Port:
587 - Username:
[email protected] - Password:
mailppt2019-
Targets
-
-
Target
NEW PO -060746E7.exe
-
Size
411KB
-
MD5
1ce79c86bde0daf6fcebb4f81228c118
-
SHA1
ff3643ac0b1626472d23a09d7b603d457e811e5c
-
SHA256
2b969d8cdb8ebab56e42e08200126ecf287e3ce31245f7fb8563245cc53615de
-
SHA512
e761e0ece89802b07894af6f5780d374192a0a1575d34d07c5acf4226c74072af8b2823f8543702de7aad3c0f646fe0f5ed7d4e50db6022267e52cb9e192ba82
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-